Obama launches sanctions programme against cyber-attacks

US, April 2, 2015

US-President Barack Obama yesterday launched a sanctions programme to target individuals and groups outside the US that use cyber-attacks to threaten US foreign policy, national security or economic stability.

In an executive order, Obama declared such activities a "national emergency" and allowed the US Treasury Department to freeze assets and bar other financial transactions of entities engaged in destructive cyber-attacks, said a statement.

The executive order gave the administration the same sanctions tools it deploys to address other threats, including crises in the Middle East and Russia's aggression in Ukraine. Those tools are now available for a growing epidemic of cyber threats aimed at US computer networks, it added.

"The Obama administration is really getting serious now. This order brings to bear the economic might of the US against people who are robbing us blind and putting us in danger," said Joel Brenner, who headed US counterintelligence during President George W Bush's second term.

The effort to toughen the response to hacking follows indictments of five Chinese military officers and the decision to "name and shame" North Korea for a high-profile attack on Sony. Officials said they hoped US allies would follow suit.

China, which routinely denies accusations by US investigators that hackers backed by the Chinese government have been behind attacks on US companies, said cyber-attacks were generally cross-border incidents with origins hard to track.

"China consistently does not approve of any one country using its domestic law to implement sanctions at every turn against the people or entities in another country," Chinese Foreign Ministry spokeswoman Hua Chunying told a daily news briefing.

Senior US administration officials said the new programme was focused on activities rather than countries or regions.

US lawmakers and security and legal experts welcomed the move as an encouraging step after a steady stream of cyber-attacks aimed at Target, Home Depot and other retailers, as well as military networks.

But they said the executive order was surprisingly broad, which could result in a compliance nightmare for companies, and warned that it remained difficult to definitively "attribute" hacking attacks and identify those responsible.

Obama said in a statement that harming critical infrastructure, misappropriating funds, using trade secrets for competitive advantage and disrupting computer networks would trigger the penalties.

Companies that knowingly use stolen trade secrets to undermine the US economy would also be targeted.

"From now on, we have the power to freeze their assets, make it harder for them to do business with US companies, and limit their ability to profit from their misdeeds," Obama said.

The programme was designed as a deterrent and punishment, filling a gap in US cybersecurity efforts where diplomatic or law enforcement means were insufficient, Michael Daniel, Obama's cybersecurity adviser, told reporters. He said there was no timeline for determining an initial round of targets.

Obama has moved cybersecurity toward the top of his 2015 agenda after recent breaches. Last month, the Central Intelligence Agency announced a major overhaul aimed in part at sharpening its focus on cyber operations. – Reuters